[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [XEN PATCH 11/11] x86/mm: Add assertion to address MISRA C:2012 Rule 2.1

To: Jan Beulich <jbeulich@xxxxxxxx>
From: Nicola Vetrini <nicola.vetrini@xxxxxxxxxxx>
Date: Thu, 03 Aug 2023 11:30:21 +0200
Cc: sstabellini@xxxxxxxxxx, michal.orzel@xxxxxxx, xenia.ragiadakou@xxxxxxx, ayan.kumar.halder@xxxxxxx, consulting@xxxxxxxxxxx, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 03 Aug 2023 09:30:31 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 03/08/2023 11:20, Jan Beulich wrote:

On 02.08.2023 16:38, Nicola Vetrini wrote:

--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -4879,6 +4879,7 @@ long arch_memory_op(unsigned long cmd,XEN_GUEST_HANDLE_PARAM(void) arg)
         return subarch_memory_op(cmd, arg);
     }

+    ASSERT_UNREACHABLE();
     return 0;
 }


I'd prefer to instead switch earlier "return 0" to "break".

Ok

--- a/xen/arch/x86/mm/p2m-pod.c
+++ b/xen/arch/x86/mm/p2m-pod.c
@@ -1045,6 +1045,7 @@ p2m_pod_zero_check(struct p2m_domain *p2m, constgfn_t *gfns, unsigned int count
     }

     return;
+    ASSERT_UNREACHABLE();

 out_unmap:
     /*


In the description you say "before", but here you add something _after_
"return". What's the deal?

Jan

In this case the unreachable part is that after the label (looking at itnow, I should haveput the assert after the label to make it clear), because earlier alljumps to

'out_unmap' are like this:

  ASSERT_UNREACHABLE();
  domain_crash(d);
  goto out_unmap;

As I understood it, this is a defensive coding measure, preventing pagesto remain mapped if,

for some reason the above code actually executes. Am I correct?

Regards,

--
Nicola Vetrini, BSc
Software Engineer, BUGSENG srl (https://bugseng.com)

Follow-Ups:
- Re: [XEN PATCH 11/11] x86/mm: Add assertion to address MISRA C:2012 Rule 2.1
  - From: Jan Beulich

References:
- [XEN PATCH 00/11] xen: address MISRA C:2012 Rule 2.1
  - From: Nicola Vetrini
- [XEN PATCH 11/11] x86/mm: Add assertion to address MISRA C:2012 Rule 2.1
  - From: Nicola Vetrini
- Re: [XEN PATCH 11/11] x86/mm: Add assertion to address MISRA C:2012 Rule 2.1
  - From: Jan Beulich

Prev by Date: Re: [XEN PATCH 11/11] x86/mm: Add assertion to address MISRA C:2012 Rule 2.1
Next by Date: Re: [RFC PATCH] arm/gicv2: make GICv2 driver and vGICv2 optional
Previous by thread: Re: [XEN PATCH 11/11] x86/mm: Add assertion to address MISRA C:2012 Rule 2.1
Next by thread: Re: [XEN PATCH 11/11] x86/mm: Add assertion to address MISRA C:2012 Rule 2.1
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.